April 2026 (30)
Better Auth Two-Factor Authentication Bypass Vulnerability
2 rules, 1 TTP
Better Auth versions prior to 1.4.9 contain a critical two-factor authentication bypass: when `session.cookieCache` is enabled, the session from the initial sign-in step may be improperly cached, so an attacker holding valid credentials can bypass 2FA.
Sudo Privilege Escalation Vulnerability (CVE-2026-35535)
2 rules, 1 TTP, 1 CVE
CVE-2026-35535 describes a privilege escalation vulnerability in Sudo versions up to 1.9.17p2, where a non-fatal error during privilege dropping can allow an attacker to gain elevated privileges.
OpenClaw TOCTOU Race Condition Leads to Sandbox Escape
2 rules, 1 TTP
A critical time-of-check to time-of-use (TOCTOU) vulnerability in OpenClaw's remote file system bridge allows a sandbox escape by exploiting the window between path validation and the subsequent file read; versions up to 2026.3.28 are affected.
OpenClaw Arbitrary File Read and Credential Exfiltration Vulnerability
2 rules, 1 TTP
The openclaw package is vulnerable to arbitrary file read and credential exfiltration because media local roots self-whitelist in `appendLocalMediaParentRoots`, allowing a model to initiate arbitrary host file reads and potentially exfiltrate credentials.
Electron Use-After-Free Vulnerability in Offscreen Rendering with Child Windows
2 rules
A use-after-free vulnerability (CVE-2026-34774) exists in Electron applications that use offscreen rendering and allow child windows; if the parent WebContents is destroyed before the child window, the result can be a crash or memory corruption.
Electron Use-After-Free Vulnerability in PowerMonitor Module
2 rules, 1 TTP
A use-after-free vulnerability exists in the `powerMonitor` module of Electron applications on Windows and macOS. When the native `PowerMonitor` object is garbage-collected, OS-level resources retain dangling references to it. Subsequent session-change events on Windows or system shutdowns on macOS may dereference freed memory, potentially leading to a crash or memory corruption.
Azure Databricks SSRF Vulnerability (CVE-2026-33107) Allows Privilege Escalation
2 rules, 1 TTP, 1 CVE
A server-side request forgery (SSRF) vulnerability, identified as CVE-2026-33107, exists in Azure Databricks and allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-33105 - Microsoft Azure Kubernetes Service Privilege Escalation
2 rules, 1 TTP, 1 CVE
CVE-2026-33105 is a critical improper-authorization vulnerability in Microsoft Azure Kubernetes Service that allows an unauthorized attacker to elevate privileges over a network.
Azure MCP Server Missing Authentication Vulnerability (CVE-2026-32211)
2 rules, 1 TTP, 1 CVE
CVE-2026-32211 is a critical vulnerability in Azure MCP Server caused by missing authentication for a critical function, allowing an unauthorized attacker to disclose information over the network.
Azure SRE Agent Improper Authentication Vulnerability (CVE-2026-32173)
2 rules, 1 TTP, 1 CVE
An improper authentication vulnerability (CVE-2026-32173) in the Azure SRE Agent allows an unauthorized attacker to disclose sensitive information over the network, potentially leading to data breaches or further compromise.
Hirschmann EagleSDV Denial-of-Service Vulnerability (CVE-2022-4986)
2 rules, 1 TTP, 1 CVE
Hirschmann EagleSDV devices are vulnerable to denial of service (DoS): establishing TLS 1.0 or TLS 1.1 connections can crash the device, disrupting service.
Hirschmann HiLCOS Web Interface Heap Overflow Vulnerability (CVE-2024-14033)
2 rules, 1 TTP, 1 CVE
A heap overflow in the HiLCOS web interface of Hirschmann Industrial IT products (CVE-2024-14033) allows unauthenticated remote attackers to crash the device with specially crafted requests, causing a denial-of-service condition. The issue is reachable in particular when the Public Spot functionality is enabled.
OpenClaw Sandbox Bypass via Heartbeat Context Inheritance
2 rules
A critical vulnerability in the openclaw npm package (<=2026.3.28) allows a sandbox bypass: heartbeat context inheritance leads to `senderIsOwner` escalation. Patched in version 2026.3.31.
OpenClaw NPM Package Vulnerable to Python Package Index Redirection
2 rules
The openclaw npm package (versions 2026.3.28 and earlier) is vulnerable to Python package-index redirection during host execution because `PIP_INDEX_URL` and `UV_INDEX_URL` are not properly sanitized.
OneUptime SAML SSO Authentication Bypass Vulnerability (CVE-2026-34840)
2 rules, 1 TTP, 1 CVE
OneUptime versions prior to 10.0.42 are vulnerable to an authentication bypass caused by improper SAML signature validation: an attacker can impersonate users by prepending unsigned assertions to a response that carries a valid signature.
Hirschmann HiEOS HTTP(S) Management Module Authentication Bypass (CVE-2024-14034)
2 rules, 1 TTP, 1 CVE
Hirschmann HiEOS devices contain an authentication bypass vulnerability (CVE-2024-14034) in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTP(S) requests.
Kiro IDE Code Execution Vulnerability via Crafted Color Theme (CVE-2026-5429)
2 rules, 2 TTPs, 1 CVE
CVE-2026-5429 is a code execution vulnerability in Kiro IDE before version 0.8.140: a remote, unauthenticated attacker can execute arbitrary code via a crafted color theme name when a local user opens a workspace.
OneUptime Unauthenticated Endpoint Access Vulnerability (CVE-2026-34758)
2 rules, 1 TTP, 1 CVE
OneUptime versions prior to 10.0.42 expose the Notification test and Phone Number management endpoints without authentication, allowing abuse of SMS, Call, Email, and WhatsApp functionality and unauthorized phone number purchases.
goshs Authentication Bypass Vulnerability (CVE-2026-34581)
1 rule, 1 TTP
goshs versions from 1.1.0 to before 2.0.0-beta.2 are vulnerable to an authentication bypass via Share Token, potentially allowing code execution (CVE-2026-34581).
CVE-2024-44250: macOS Sequoia Privilege Escalation Vulnerability
2 rules, 1 TTP, 1 CVE
CVE-2024-44250 is a permission issue in macOS Sequoia 15.1 that allows an application to execute arbitrary code outside its sandbox or with elevated privileges, potentially leading to full system compromise.
HiSecOS Web Server Privilege Escalation Vulnerability (CVE-2023-7342)
2 rules, 1 TTP, 1 CVE
CVE-2023-7342 allows authenticated users with the operator or auditor role on the HiSecOS web server to escalate to administrator by sending specially crafted packets, potentially granting full administrative access.
OpenProject SQL Injection Vulnerability (CVE-2026-34717)
2 rules, 1 TTP, 1 CVE
OpenProject versions before 17.2.3 are susceptible to SQL injection due to improper input sanitization in the '=n' operator, potentially allowing remote attackers to execute arbitrary SQL commands.
OpenSSH scp Insecure File Permission Vulnerability (CVE-2026-35385)
2 rules, 1 TTP, 1 CVE
In OpenSSH versions before 10.3, downloading files with scp as root using the -O option (legacy SCP protocol) but without the -p option (preserve mode) can install files with the setuid or setgid bit set, contrary to user expectations.
Rack::Static Information Disclosure Vulnerability (CVE-2026-34785)
2 rules, 1 TTP, 1 CVE
Rack versions prior to 2.2.23, 3.1.21, and 3.2.6 are vulnerable to information disclosure: a prefix-matching issue in Rack::Static causes it to serve static files it should not.
Balena Etcher for Windows TOCTOU Vulnerability
2 rules, 1 TTP, 1 CVE
A time-of-check to time-of-use (TOCTOU) race condition in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code by replacing a legitimate script with a crafted payload during the flashing process.
Huimeicloud hm_editor Server-Side Request Forgery Vulnerability (CVE-2026-5346)
2 rules, 1 TTP, 1 CVE
A server-side request forgery (SSRF) vulnerability exists in huimeicloud hm_editor up to version 2.2.3: remote attackers can manipulate the `url` argument of the `client.get` function in `src/mcp-server.js` to reach internal resources.
Endian Firewall Arbitrary File Deletion via Path Traversal (CVE-2026-34790)
2 rules, 1 TTP, 1 CVE
Endian Firewall versions 3.3.25 and prior allow authenticated users to delete arbitrary files through a path traversal vulnerability in the `remove ARCHIVE` parameter of the `/cgi-bin/backup.cgi` script, leading to unauthorized file system modification.
Endian Firewall Command Injection Vulnerability (CVE-2026-34791)
2 rules, 1 TTP, 1 CVE
Endian Firewall versions 3.3.25 and prior allow authenticated users to execute arbitrary OS commands through an OS command injection vulnerability in the `DATE` parameter of the `/cgi-bin/logs_proxy.cgi` endpoint.
Suricata DCERPC Buffering Inefficiency Vulnerability (CVE-2026-31937)
2 rules, 1 TTP, 1 CVE
Suricata versions prior to 7.0.15 are affected by CVE-2026-31937, where inefficient DCERPC buffering degrades performance to the point of a denial-of-service condition.
Suricata HTTP2 Continuation Frame Flooding Denial of Service (CVE-2026-31935)
2 rules, 1 TTP, 1 CVE
A denial-of-service vulnerability, CVE-2026-31935, exists in Suricata versions prior to 7.0.15 and 8.0.4: flooding the engine with crafted HTTP2 continuation frames exhausts memory and terminates the process.